• DHS, FBI warn critical infrastructure firms of attacks by “Russia-linked” hackers

    DHS and the FBI on Friday have issued an alert that warning critical infrastructure companies of “advanced persistent threat (APT) actions targeting government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing sectors.” DHS said the hacking campaign, labeled Dragonfly, is a Kremlin-sponsored operation.

  • North Korea sent spear phishing emails to U.S. electric companies

    Cybersecurity firm FireEye says it can confirm that the company’s devices detected and stopped spear phishing emails sent on 22 September 2017 to U.S. electric companies by “known cyber threat actors likely affiliated with the North Korean government.” The activity was early-stage reconnaissance, and not necessarily indicative of an imminent, disruptive cyberattack that might take months to prepare if it went undetected (judging from past experiences with other cyber threat groups).

  • Houston officials let developers build homes inside reservoirs. But no one warned buyers.

    Hurricane Harvey forced many Houston-area residents to realize that their homes were built inside the two massive reservoirs which had been built west of Houston decades ago to protect the city from catastrophic flooding. These homeowners are now coming to terms with the fact that in big enough rainstorms, their neighborhoods are actually designed to flood. Trouble is, nobody told them about it. Today, about 14,000 homes are located inside the reservoirs, or “flood pools,” as city planners call them.

  • Bipartisan bill to help secure the electric grid

    Last week, a bipartisan group of lawmakers introducing H.R. 3855, the Securing The Electric Grid to Protect Military Readiness Act of 2017. H.R. 3855, if enacted, would require the Secretary of Defense, in coordination with the Director of National Intelligence, and the Secretaries of Energy and Homeland Security, to submit to Congress a report detailing significant security risks to defense critical electric infrastructure posed by malicious cyber-enabled activities.

  • Stanford Cyber Initiative addresses cybersecurity, governance, and the future of work

    Daily headlines emphasize the down side of technology: cyberattacks, election hacking and the threat of fake news. In response, government organizations are scrambling to understand how policy should shape technology’s role in governance, security and jobs. The Stanford Cyber Initiative is bringing together scholars from all over campus to confront the challenges technology presents.

  • USGS helps four cities improve urban waterways

    This fall more than $1.5 million is being invested in improving urban lands and waters thanks to expanded USGS partnerships with Albuquerque, New Mexico; San Antonio, Texas; Gary, Indiana; and Harlem and Bronx, New York.

  • Tracing the sources of today’s Russian cyberthreat

    Cyberspace is an active battleground, with cybercriminals, government agents and even military personnel probing weaknesses in corporate, national and even personal online defenses. Some of the most talented and dangerous cybercrooks and cyberwarriors come from Russia, which is a longtime meddler in other countries’ affairs. Over decades, Russian operators have stolen terabytes of data, taken control of millions of computers and raked in billions of dollars. They’ve shut down electricity in Ukraine and meddled in elections in the U.S. and elsewhere. They’ve engaged in disinformation and disclosed pilfered information such as the emails stolen from Hillary Clinton’s campaign chairman, John Podesta, following successful spearphishing attacks. Who are these operators, why are they so skilled and what are they up to?

  • Strengthening the cybersecurity of the grid

    As the U.S. electricity grid continues to modernize, it will mean things like better reliability and resilience, lower environmental impacts, greater integration of renewable energy, as well as new computing and communications technologies to monitor and manage the increasing number of devices that connect to the grid. However, that enhanced connectivity for grid operators and consumers also opens the door to potential cyber intrusions. New project aims to mitigate vulnerabilities introduced by rooftop solar panels integrated with the grid.

  • Testing bridges for safety after major hurricanes

    After Hurricane Irma hit, there was a major concern about South Florida’s bridges, mainly the ones in the Florida Keys. Would the structures be safe to cross for drivers anxious to get back home? Would relief efforts be impaired due to damage caused by massive winds? Fortunately, all forty-two bridges that connect the mainland to the Keys were inspected and declared safe by Monroe County officials. If another major hurricane like Irma hits South Florida, researchers and engineers shares an easy and cost-effective way to test a bridge for safety.

  • Examining NYC storm surge infrastructure resilience

    With the recent Hurricanes Harvey, Irma, and now Maria, which ravaged much of Texas, Florida, and Puerto Rico, as well as Hurricane Katrina and Superstorm Sandy, from which NYC infrastructure is still recovering, it has become clear that addressing threats to infrastructure is critical to keeping our communities safe, functional, and healthy. Storm surge has emerged as one of the most destructive forces on infrastructure, especially interconnected structures in cities.

  • Breaking nuclear deal could bring hacking onslaught from Iran

    If the Trump administration discarded the nuclear deal with Iran, Tehran could retaliate quickly – and inflict considerable damage – by unleashing its increasingly aggressive Iranian hacker army. Cyber-experts who track Tehran’s hackers warn that the attacks might target U.S. power plants, hospitals, airports, and other components of the country’s critical infrastructure. Iran’s current hacking against Western targets is limited almost entirely to commercial espionage and dissident surveillance, but Teheran could quickly redirect its efforts in the event of a rupture of the nuclear pact.

  • Equifax breach is a reminder of society’s larger cybersecurity problems

    The Equifax data breach was yet another cybersecurity incident involving the theft of significant personal data from a large company. Moreover, it is another reminder that the modern world depends on critical systems, networks and data repositories that are not as secure as they should be. And it signals that these data breaches will continue until society as a whole (industry, government and individual users) is able to objectively assess and improve cybersecurity procedures. We all must take a realistic look at the state of cybersecurity, admit the mistakes that have happened and change our thinking for the better. Only then can anyone – much less everyone – take on the task of devoting time, money and personnel to making the necessary changes for meaningful security improvements. It will take a long time, and will require inconvenience and hard work. But it’s the only way forward.

  • Circuit simulation methods protect the power grid

    In December 2015, Russian hackers pummeled Ukraine’s power grid, disrupting the flow of electricity for nearly a quarter-million Ukrainians. Then, in December 2016, roughly a year after the first attack, the hackers struck again. But this time, they targeted an electric transmission station in Kiev, the capital of Ukraine. Each cyberattack lasted no more than six hours, but security experts were still alarmed: hackers had just demonstrated their ability to infiltrate the grid and drastically alter the flow of society. Americans began to worry. If hackers could target Ukraine, then what would stop them from targeting other countries in western Europe or even the United States?

  • Using AI to prevent, minimize electric grid failures

    A project led by the Department of Energy’s SLAC National Accelerator Laboratory will combine artificial intelligence with massive amounts of data and industry experience from a dozen U.S. partners to identify places where the electric grid is vulnerable to disruption, reinforce those spots in advance, and recover faster when failures do occur. It is the first project to employ AI to help the grid manage power fluctuations, resist damage and bounce back faster from storms, solar eclipses, cyberattacks, and other disruptions.

  • Safety of controlling critical infrastructures via mobile phone networks questioned

    Critical infrastructures such as wind power stations are partially controlled via mobile phone networks. Using state-of-the-art tests, researchers are investigating how well protected that form of communication is from external attacks.